CVE-2007-1889 - Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0

CVE-2007-1889

Summary

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

References

Vulnerable Configurations

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	23238
debian	DSA-1283
misc	http://www.php-security.org/MOPB/MOPB-43-2007.html http://www.php-security.org/MOPB/MOPB-44-2007.html
secunia	25056 25062
suse	SUSE-SA:2007:032
xf	zend-zendmmallocint-bo(33770)

statements via4

contributor	Mark J Cox
lastmodified	2007-04-16
organization	Red Hat
statement	Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.

Last major update

29-07-2017 - 01:31

Published

06-04-2007 - 01:19

Last modified

29-07-2017 - 01:31